Biostar 2: Suprema plays down fingerprint leak reports

A biometric-security company has played down reports its software exposed “a million” fingerprints, making them vulnerable to hackers on the web.

Suprema’s Biostar 2 program was accessed online by cyber-security researchers earlier this month.

The researchers say they found data from companies that use the system.

Suprema said the access point had now been closed and an investigation had found the scope of the leak to be “significantly less” than reported.

The cyber-security researchers involved, however, are standing by their research.

One of them, Noam Rotem, told BBC News the evidence he had obtained did in fact indicate large amounts of biometric data had been made available online.

He and his colleague Ran Locar had worked with cyber-security company VPNMentor to disclose the breach.

‘In-depth investigation’

South Korea-headquartered Suprema makes a range of products, including fingerprint readers that allow companies to control access to specific areas of sites or buildings.

“Last week, we were made aware that some BioStar 2 customer user data was accessed by third-party security researchers without authorisation for a limited period of time,” the company said in a statement.

“There are no indications that the data was downloaded during the incident based on the investigation to date.

“We have also engaged a leading global forensics firm to conduct an in-depth investigation into the incident.

“Based on their investigation to date, they have confirmed that no further access has occurred and that the scope of potentially affected users is significantly less than recent public speculation.”

Suprema added it was in the process of identifying affected parties and engaging with relevant regulators and authorities.

There had been concerns that one of the affected clients was the Metropolitan Police, which was reported to have used Suprema technology.

However, a spokeswoman told BBC News: “No Met biometrics systems have been exposed as part of this breach based on our assessment.”
